Challenge Resource
The Challenge resource is currently used by Verify Push and Verify TOTP features. It represents a single verification attempt of an Entity using a Factor. When the factor_type is push, a Challenge is created to verify the signature of the message sent from the registered device with the public key stored in the Factor. When the factor_type is totp, a Challenge is created to verify that the TOTP code provided by the user matches the one generated by the seed stored in the Factor. Some Challenge properties apply to all factor_types and others do not. A single Entity links to multiple Factors and a single Factor links to multiple Challenges.
Challenges and Billing
Verify Push
Consistent with overall Verify pricing, Verify Push is billed at a rate of $0.05 per verification. In technical terms, a Verify Push "verification" is defined as a Challenge of factor_type:push that is updated with a status of approved or denied.
Verify TOTP
Consistent with overall Verify pricing, Verify TOTP will be billed at a rate of $0.05 per verification. In technical terms, a Verify TOTP "verification" is defined as a Challenge of factor_type:totp that is updated with a status of approved.
Challenge properties
| Resource Properties in REST API format | |
|---|---|
sid
|
A 34 character string that uniquely identifies this Challenge. |
account_sid
|
The unique SID identifier of the Account. |
service_sid
|
The unique SID identifier of the Service. |
entity_sid
|
The unique SID identifier of the Entity. |
identity
|
Customer unique identity for the Entity owner of the Challenge. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters. |
factor_sid
|
The unique SID identifier of the Factor. |
date_created
|
The date that this Challenge was created, given in ISO 8601 format. |
date_updated
|
The date that this Challenge was updated, given in ISO 8601 format. |
date_responded
|
The date that this Challenge was responded, given in ISO 8601 format. |
expiration_date
|
The date-time when this Challenge expires, given in ISO 8601 format. The default value is five (5) minutes after Challenge creation. The max value is sixty (60) minutes after creation. |
status
|
The Status of this Challenge. One of |
responded_reason
|
Reason for the Challenge to be in certain |
details
|
Details provided to give context about the Challenge. Intended to be shown to the end user. |
hidden_details
|
Details provided to give context about the Challenge. Intended to be hidden from the end user. It must be a stringified JSON with only strings values eg. |
metadata
|
Custom metadata associated with the challenge. This is added by the Device/SDK directly to allow for the inclusion of device information. It must be a stringified JSON with only strings values eg. |
factor_type
|
The Factor Type of this Challenge. Currently |
url
|
The URL of this resource. |
links
|
Contains a dictionary of URL links to nested resources of this Challenge. |
Create a Challenge resource
https://verify.twilio.com/v2/Services/{ServiceSid}/Entities/{Identity}/Challenges
Parameters
| Parameters in REST API format | |
|---|---|
service_sid
Path
|
The unique SID identifier of the Service. |
identity
Path
|
Customer unique identity for the Entity owner of the Challenge. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters. |
factor_sid
Required
|
The unique SID identifier of the Factor. |
expiration_date
Optional
|
The date-time when this Challenge expires, given in ISO 8601 format. The default value is five (5) minutes after Challenge creation. The max value is sixty (60) minutes after creation. |
details.message
Optional
|
Shown to the user when the push notification arrives. Required when |
details.fields
Optional
|
A list of objects that describe the Fields included in the Challenge. Each object contains the label and value of the field, the label can be up to 36 characters in length and the value can be up to 128 characters in length. Used when |
hidden_details
Optional
|
Details provided to give context about the Challenge. Not shown to the end user. It must be a stringified JSON with only strings values eg. |
auth_payload
Optional
|
Optional payload used to verify the Challenge upon creation. Only used with a Factor of type |
Example 1
Example 2
Fetch a Challenge resource
https://verify.twilio.com/v2/Services/{ServiceSid}/Entities/{Identity}/Challenges/{Sid}
Parameters
| Parameters in REST API format | |
|---|---|
service_sid
Path
|
The unique SID identifier of the Service. |
identity
Path
|
Customer unique identity for the Entity owner of the Challenges. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters. |
sid
Path
|
A 34 character string that uniquely identifies this Challenge. |
Example 1
Read multiple Challenge resources
https://verify.twilio.com/v2/Services/{ServiceSid}/Entities/{Identity}/Challenges
Parameters
| Parameters in REST API format | |
|---|---|
service_sid
Path
|
The unique SID identifier of the Service. |
identity
Path
|
Customer unique identity for the Entity owner of the Challenge. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters. |
factor_sid
Optional
|
The unique SID identifier of the Factor. |
status
Optional
|
The Status of the Challenges to fetch. One of |
order
Optional
|
The desired sort order of the Challenges list. One of |
Example 1
Update a Challenge resource
https://verify.twilio.com/v2/Services/{ServiceSid}/Entities/{Identity}/Challenges/{Sid}
Parameters
| Parameters in REST API format | |
|---|---|
service_sid
Path
|
The unique SID identifier of the Service. |
identity
Path
|
Customer unique identity for the Entity owner of the Challenge. This identifier should be immutable, not PII, length between 8 and 64 characters, and generated by your external system, such as your user's UUID, GUID, or SID. It can only contain dash (-) separated alphanumeric characters. |
sid
Path
|
A 34 character string that uniquely identifies this Challenge. |
auth_payload
Optional
|
The optional payload needed to verify the Challenge. E.g., a TOTP would use the numeric code. For |
metadata
Optional
|
Custom metadata associated with the challenge. This is added by the Device/SDK directly to allow for the inclusion of device information. It must be a stringified JSON with only strings values eg. |
Example 1
Need some help?
We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.
